external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 5f1df056 | patch | commit | show whitespace

OPENDJ-3173 Upgrade task for new HTTP configuration model

Matthew Swift

29.25.2016 5984af9f0c6c5f852bc3292d981e0854f44ae802

OPENDJ-3173 Upgrade task for new HTTP configuration model

Modify HTTP connection handler:

* disable HTTP connection handler(s) (requires approval)
* remove ds-cfg-config-file attribute
* remove ds-cfg-authentication-required.

Add:

* default HTTP endpoints
* default HTTP auth mechanisms

Copy:

* example Rest2Ldap mapping configuration into config directory.

4 files modified

	opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/FileManager.java	10 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java	148 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/UpgradeTasks.java	42 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/messages/org/opends/messages/tool.properties	6 ●●●●● patch \| view \| raw \| blame \| history

 opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/FileManager.java

@@ -81,7 +81,7 @@
  }

  /**
   * Copies everything below the specified file.
   * Recursively copies everything below the specified file/directory.
   *
   * @param objectFile
   *          the file to be copied.
@@ -89,16 +89,12 @@
   *          the directory to copy the file to
   * @param overwrite
   *          overwrite destination files.
   * @return File representing the destination
   * @throws IOException
   *           if something goes wrong.
   */
  public static File copy(File objectFile, File destDir, boolean overwrite)
      throws IOException
  public static void copyRecursively(File objectFile, File destDir, boolean overwrite) throws IOException
  {
    CopyOperation co = new CopyOperation(objectFile, destDir, overwrite);
    co.apply();
    return co.getDestination();
    operateRecursively(new CopyOperation(objectFile, destDir, overwrite), null);
  }

  private static void operateRecursively(FileOperation op, FileFilter filter)

 opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java

@@ -591,6 +591,154 @@
    register("3.5.0",
        restoreCsvDelimiterAttributeTypeInConcatenatedSchemaFile());

    register("3.5.0",
        requireConfirmation(INFO_UPGRADE_TASK_CONFIRM_DISABLING_HTTP_CONNECTION_HANDLER.get(), YES,
            modifyConfigEntry(INFO_UPGRADE_TASK_DISABLING_HTTP_CONNECTION_HANDLER.get(),
                    "(objectclass=ds-cfg-http-connection-handler)",
                    "replace: ds-cfg-enabled",
                    "ds-cfg-enabled: false",
                    "-",
                    "delete: ds-cfg-authentication-required",
                    "-",
                    "delete: ds-cfg-config-file",
                    "-"
            )
        ),
        addConfigEntry(INFO_UPGRADE_TASK_ADDING_DEFAULT_HTTP_ENDPOINTS_AND_AUTH.get(),
                "dn: cn=HTTP Endpoints,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-branch",
                "cn: HTTP Endpoints"
        ),
        addConfigEntry(
                "dn: ds-cfg-base-path=/api,cn=HTTP Endpoints,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-endpoint",
                "objectClass: ds-cfg-rest2ldap-endpoint",
                "ds-cfg-enabled: true",
                "ds-cfg-java-class: org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint",
                "ds-cfg-base-path: /api",
                "ds-cfg-config-directory: config/rest2ldap/endpoints/api",
                "ds-cfg-http-authorization-mechanism: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config"
        ),
        addConfigEntry(
                "dn: ds-cfg-base-path=/admin,cn=HTTP Endpoints,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-endpoint",
                "objectClass: ds-cfg-admin-endpoint",
                "ds-cfg-enabled: true",
                "ds-cfg-base-path: /admin",
                "ds-cfg-java-class: org.opends.server.protocols.http.rest2ldap.AdminEndpoint",
                "ds-cfg-http-authorization-mechanism: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config"
        ),
        addConfigEntry(
                "dn: cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-branch",
                "cn: HTTP Authorizations"
        ),
        addConfigEntry(
                "dn: cn=HTTP Anonymous,cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-authorization-mechanism",
                "objectClass: ds-cfg-http-anonymous-authorization-mechanism",
                "cn: HTTP Anonymous",
                "ds-cfg-enabled: true",
                "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism"
        ),
        addConfigEntry(
                "dn: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-authorization-mechanism",
                "objectClass: ds-cfg-http-basic-authorization-mechanism",
                "cn: HTTP Basic",
                "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism",
                "ds-cfg-enabled: true",
                "ds-cfg-http-basic-alt-authentication-enabled: true",
                "ds-cfg-http-basic-alt-username-header: X-OpenIDM-Username",
                "ds-cfg-http-basic-alt-password-header: X-OpenIDM-Password",
                "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config"
        ),
        addConfigEntry(
                "dn: cn=HTTP OAuth2 CTS,cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-cts-authorization-mechanism",
                "cn: HTTP OAuth2 CTS",
                "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism",
                "ds-cfg-enabled: false",
                "ds-cfg-cts-base-dn: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com",
                "ds-cfg-oauth2-authzid-json-pointer: userName/0",
                "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
                "ds-cfg-oauth2-required-scope: read",
                "ds-cfg-oauth2-required-scope: write",
                "ds-cfg-oauth2-required-scope: uid",
                "ds-cfg-oauth2-access-token-cache-enabled: false",
                "ds-cfg-oauth2-access-token-cache-expiration: 300s"
        ),
        addConfigEntry(
                "dn: cn=HTTP OAuth2 OpenAM,cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-openam-authorization-mechanism",
                "cn: HTTP OAuth2 OpenAM",
                "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism",
                "ds-cfg-enabled: false",
                "ds-cfg-openam-token-info-url: http://openam.example.com:8080/openam/oauth2/tokeninfo",
                "ds-cfg-oauth2-authzid-json-pointer: uid",
                "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
                "ds-cfg-oauth2-required-scope: read",
                "ds-cfg-oauth2-required-scope: write",
                "ds-cfg-oauth2-required-scope: uid",
                "ds-cfg-oauth2-access-token-cache-enabled: false",
                "ds-cfg-oauth2-access-token-cache-expiration: 300s"
        ),
        addConfigEntry(
                "dn: cn=HTTP OAuth2 Token Introspection (RFC7662),cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-token-introspection-authorization-mechanism",
                "cn: HTTP OAuth2 Token Introspection (RFC7662)",
                "ds-cfg-java-class: "
                        + "org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism",
                "ds-cfg-enabled: false",
                "ds-cfg-oauth2-token-introspection-url: "
                        + "http://openam.example.com:8080/openam/oauth2/myrealm/introspect",
                "ds-cfg-oauth2-token-introspection-client-id: directoryserver",
                "ds-cfg-oauth2-token-introspection-client-secret: secret",
                "ds-cfg-oauth2-authzid-json-pointer: sub",
                "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
                "ds-cfg-oauth2-required-scope: read",
                "ds-cfg-oauth2-required-scope: write",
                "ds-cfg-oauth2-required-scope: uid",
                "ds-cfg-oauth2-access-token-cache-enabled: false",
                "ds-cfg-oauth2-access-token-cache-expiration: 300s"
        ),
        addConfigEntry(
                "dn: cn=HTTP OAuth2 File,cn=HTTP Authorization Mechanisms,cn=config",
                "objectClass: top",
                "objectClass: ds-cfg-http-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
                "objectClass: ds-cfg-http-oauth2-file-authorization-mechanism",
                "cn: HTTP OAuth2 File",
                "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism",
                "ds-cfg-enabled: false",
                "ds-cfg-oauth2-access-token-directory: oauth2-demo/",
                "ds-cfg-oauth2-authzid-json-pointer: uid",
                "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
                "ds-cfg-oauth2-required-scope: read",
                "ds-cfg-oauth2-required-scope: write",
                "ds-cfg-oauth2-required-scope: uid",
                "ds-cfg-oauth2-access-token-cache-enabled: false",
                "ds-cfg-oauth2-access-token-cache-expiration: 300s"
        ),
        /* Recursively copies.*/
        addConfigFile("rest2ldap")
    );

    /** All upgrades will refresh the server configuration schema and generate a new upgrade folder. */
    registerLast(
        performOEMMigrationIfNeeded(),

 opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/UpgradeTasks.java

@@ -23,7 +23,7 @@

import static org.forgerock.util.Utils.joinAsString;
import static org.opends.messages.ToolMessages.*;
import static org.opends.server.tools.upgrade.FileManager.copy;
import static org.opends.server.tools.upgrade.FileManager.copyRecursively;
import static org.opends.server.tools.upgrade.UpgradeUtils.*;
import static org.opends.server.types.Schema.*;
import static org.opends.server.util.StaticUtils.*;
@@ -115,6 +115,42 @@
  }

  /**
   * Returns a new upgrade task which adds a config entry to the underlying
   * config file. No summary message will be output.
   *
   * @param ldif
   *          The LDIF record which will be applied to matching entries.
   * @return A new upgrade task which applies an LDIF record to all
   *         configuration entries matching the provided filter.
   */
  public static UpgradeTask addConfigEntry(final String... ldif)
  {
    return new AbstractUpgradeTask()
    {
      @Override
      public void perform(final UpgradeContext context) throws ClientException
      {
        try
        {
          final int changeCount = updateConfigFile(configFile, null, ChangeOperationType.ADD, ldif);
          displayChangeCount(configFile, changeCount);
        }
        catch (final Exception e)
        {
          countErrors++;
          throw new ClientException(ReturnCode.ERROR_UNEXPECTED, LocalizableMessage.raw(e.getMessage()));
        }
      }

      @Override
      public String toString()
      {
        return "Add entry " + ldif[0];
      }
    };
  }

  /**
   * This task copies the file placed in parameter within the config / schema
   * folder. If the file already exists, it's overwritten.
   *
@@ -147,7 +183,7 @@
            throw new IOException(ERR_UPGRADE_CORRUPTED_TEMPLATE
                .get(schemaFileTemplate.getPath()).toString());
          }
          copy(schemaFileTemplate, configSchemaDirectory, true);
          copyRecursively(schemaFileTemplate, configSchemaDirectory, true);
          context.notifyProgress(pnc.setProgress(100));
        }
        catch (final IOException e)
@@ -192,7 +228,7 @@
        {
          context.notifyProgress(pnc.setProgress(20));

          copy(configFile, configDirectory, true);
          copyRecursively(configFile, configDirectory, true);
          context.notifyProgress(pnc.setProgress(100));
        }
        catch (final IOException e)

 opendj-server-legacy/src/messages/org/opends/messages/tool.properties

@@ -2570,6 +2570,12 @@
INFO_UPGRADE_TASK_CANNOT_READ_SCHEMA_FILE_10071=An error occurred reading schema file %s: %s
INFO_UPGRADE_TASK_CANNOT_WRITE_TO_CONCATENATED_SCHEMA_FILE_10072=An error occurred \
 appending 'ds-cfg-delimiter-char' attribute type to concatenated schema file %s: %s
INFO_UPGRADE_TASK_CONFIRM_DISABLING_HTTP_CONNECTION_HANDLER_10073=OpenDJ 3.5.0 introduced a new configuration model \
  for the HTTP connection handler and its associated endpoints. Any enabled HTTP connection handlers will be disabled \
  during the upgrade due to the break in compatibility
INFO_UPGRADE_TASK_DISABLING_HTTP_CONNECTION_HANDLER_10074=Disabling the HTTP connection handler
INFO_UPGRADE_TASK_ADDING_DEFAULT_HTTP_ENDPOINTS_AND_AUTH_10075=Adding default HTTP endpoints and auth mechanisms to \
  configuration

# Strings for generated reference documentation.
REF_SHORT_DESC_BACKUP_15000=back up OpenDJ directory data

			@@ -81,7 +81,7 @@
			}

			/**
			* Copies everything below the specified file.
			* Recursively copies everything below the specified file/directory.
			*
			* @param objectFile
			* the file to be copied.
			@@ -89,16 +89,12 @@
			* the directory to copy the file to
			* @param overwrite
			* overwrite destination files.
			* @return File representing the destination
			* @throws IOException
			* if something goes wrong.
			*/
			public static File copy(File objectFile, File destDir, boolean overwrite)
			throws IOException
			public static void copyRecursively(File objectFile, File destDir, boolean overwrite) throws IOException
			{
			CopyOperation co = new CopyOperation(objectFile, destDir, overwrite);
			co.apply();
			return co.getDestination();
			operateRecursively(new CopyOperation(objectFile, destDir, overwrite), null);
			}

			private static void operateRecursively(FileOperation op, FileFilter filter)

			@@ -591,6 +591,154 @@
			register("3.5.0",
			restoreCsvDelimiterAttributeTypeInConcatenatedSchemaFile());

			register("3.5.0",
			requireConfirmation(INFO_UPGRADE_TASK_CONFIRM_DISABLING_HTTP_CONNECTION_HANDLER.get(), YES,
			modifyConfigEntry(INFO_UPGRADE_TASK_DISABLING_HTTP_CONNECTION_HANDLER.get(),
			"(objectclass=ds-cfg-http-connection-handler)",
			"replace: ds-cfg-enabled",
			"ds-cfg-enabled: false",
			"-",
			"delete: ds-cfg-authentication-required",
			"-",
			"delete: ds-cfg-config-file",
			"-"
			)
			),
			addConfigEntry(INFO_UPGRADE_TASK_ADDING_DEFAULT_HTTP_ENDPOINTS_AND_AUTH.get(),
			"dn: cn=HTTP Endpoints,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-branch",
			"cn: HTTP Endpoints"
			),
			addConfigEntry(
			"dn: ds-cfg-base-path=/api,cn=HTTP Endpoints,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-endpoint",
			"objectClass: ds-cfg-rest2ldap-endpoint",
			"ds-cfg-enabled: true",
			"ds-cfg-java-class: org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint",
			"ds-cfg-base-path: /api",
			"ds-cfg-config-directory: config/rest2ldap/endpoints/api",
			"ds-cfg-http-authorization-mechanism: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config"
			),
			addConfigEntry(
			"dn: ds-cfg-base-path=/admin,cn=HTTP Endpoints,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-endpoint",
			"objectClass: ds-cfg-admin-endpoint",
			"ds-cfg-enabled: true",
			"ds-cfg-base-path: /admin",
			"ds-cfg-java-class: org.opends.server.protocols.http.rest2ldap.AdminEndpoint",
			"ds-cfg-http-authorization-mechanism: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config"
			),
			addConfigEntry(
			"dn: cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-branch",
			"cn: HTTP Authorizations"
			),
			addConfigEntry(
			"dn: cn=HTTP Anonymous,cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-authorization-mechanism",
			"objectClass: ds-cfg-http-anonymous-authorization-mechanism",
			"cn: HTTP Anonymous",
			"ds-cfg-enabled: true",
			"ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism"
			),
			addConfigEntry(
			"dn: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-authorization-mechanism",
			"objectClass: ds-cfg-http-basic-authorization-mechanism",
			"cn: HTTP Basic",
			"ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism",
			"ds-cfg-enabled: true",
			"ds-cfg-http-basic-alt-authentication-enabled: true",
			"ds-cfg-http-basic-alt-username-header: X-OpenIDM-Username",
			"ds-cfg-http-basic-alt-password-header: X-OpenIDM-Password",
			"ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config"
			),
			addConfigEntry(
			"dn: cn=HTTP OAuth2 CTS,cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-cts-authorization-mechanism",
			"cn: HTTP OAuth2 CTS",
			"ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism",
			"ds-cfg-enabled: false",
			"ds-cfg-cts-base-dn: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com",
			"ds-cfg-oauth2-authzid-json-pointer: userName/0",
			"ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
			"ds-cfg-oauth2-required-scope: read",
			"ds-cfg-oauth2-required-scope: write",
			"ds-cfg-oauth2-required-scope: uid",
			"ds-cfg-oauth2-access-token-cache-enabled: false",
			"ds-cfg-oauth2-access-token-cache-expiration: 300s"
			),
			addConfigEntry(
			"dn: cn=HTTP OAuth2 OpenAM,cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-openam-authorization-mechanism",
			"cn: HTTP OAuth2 OpenAM",
			"ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism",
			"ds-cfg-enabled: false",
			"ds-cfg-openam-token-info-url: http://openam.example.com:8080/openam/oauth2/tokeninfo",
			"ds-cfg-oauth2-authzid-json-pointer: uid",
			"ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
			"ds-cfg-oauth2-required-scope: read",
			"ds-cfg-oauth2-required-scope: write",
			"ds-cfg-oauth2-required-scope: uid",
			"ds-cfg-oauth2-access-token-cache-enabled: false",
			"ds-cfg-oauth2-access-token-cache-expiration: 300s"
			),
			addConfigEntry(
			"dn: cn=HTTP OAuth2 Token Introspection (RFC7662),cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-token-introspection-authorization-mechanism",
			"cn: HTTP OAuth2 Token Introspection (RFC7662)",
			"ds-cfg-java-class: "
			+ "org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism",
			"ds-cfg-enabled: false",
			"ds-cfg-oauth2-token-introspection-url: "
			+ "http://openam.example.com:8080/openam/oauth2/myrealm/introspect",
			"ds-cfg-oauth2-token-introspection-client-id: directoryserver",
			"ds-cfg-oauth2-token-introspection-client-secret: secret",
			"ds-cfg-oauth2-authzid-json-pointer: sub",
			"ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
			"ds-cfg-oauth2-required-scope: read",
			"ds-cfg-oauth2-required-scope: write",
			"ds-cfg-oauth2-required-scope: uid",
			"ds-cfg-oauth2-access-token-cache-enabled: false",
			"ds-cfg-oauth2-access-token-cache-expiration: 300s"
			),
			addConfigEntry(
			"dn: cn=HTTP OAuth2 File,cn=HTTP Authorization Mechanisms,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-http-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-authorization-mechanism",
			"objectClass: ds-cfg-http-oauth2-file-authorization-mechanism",
			"cn: HTTP OAuth2 File",
			"ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism",
			"ds-cfg-enabled: false",
			"ds-cfg-oauth2-access-token-directory: oauth2-demo/",
			"ds-cfg-oauth2-authzid-json-pointer: uid",
			"ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
			"ds-cfg-oauth2-required-scope: read",
			"ds-cfg-oauth2-required-scope: write",
			"ds-cfg-oauth2-required-scope: uid",
			"ds-cfg-oauth2-access-token-cache-enabled: false",
			"ds-cfg-oauth2-access-token-cache-expiration: 300s"
			),
			/* Recursively copies.*/
			addConfigFile("rest2ldap")
			);

			/** All upgrades will refresh the server configuration schema and generate a new upgrade folder. */
			registerLast(
			performOEMMigrationIfNeeded(),

			@@ -23,7 +23,7 @@

			import static org.forgerock.util.Utils.joinAsString;
			import static org.opends.messages.ToolMessages.*;
			import static org.opends.server.tools.upgrade.FileManager.copy;
			import static org.opends.server.tools.upgrade.FileManager.copyRecursively;
			import static org.opends.server.tools.upgrade.UpgradeUtils.*;
			import static org.opends.server.types.Schema.*;
			import static org.opends.server.util.StaticUtils.*;
			@@ -115,6 +115,42 @@
			}

			/**
			* Returns a new upgrade task which adds a config entry to the underlying
			* config file. No summary message will be output.
			*
			* @param ldif
			* The LDIF record which will be applied to matching entries.
			* @return A new upgrade task which applies an LDIF record to all
			* configuration entries matching the provided filter.
			*/
			public static UpgradeTask addConfigEntry(final String... ldif)
			{
			return new AbstractUpgradeTask()
			{
			@Override
			public void perform(final UpgradeContext context) throws ClientException
			{
			try
			{
			final int changeCount = updateConfigFile(configFile, null, ChangeOperationType.ADD, ldif);
			displayChangeCount(configFile, changeCount);
			}
			catch (final Exception e)
			{
			countErrors++;
			throw new ClientException(ReturnCode.ERROR_UNEXPECTED, LocalizableMessage.raw(e.getMessage()));
			}
			}

			@Override
			public String toString()
			{
			return "Add entry " + ldif[0];
			}
			};
			}

			/**
			* This task copies the file placed in parameter within the config / schema
			* folder. If the file already exists, it's overwritten.
			*
			@@ -147,7 +183,7 @@
			throw new IOException(ERR_UPGRADE_CORRUPTED_TEMPLATE
			.get(schemaFileTemplate.getPath()).toString());
			}
			copy(schemaFileTemplate, configSchemaDirectory, true);
			copyRecursively(schemaFileTemplate, configSchemaDirectory, true);
			context.notifyProgress(pnc.setProgress(100));
			}
			catch (final IOException e)
			@@ -192,7 +228,7 @@
			{
			context.notifyProgress(pnc.setProgress(20));

			copy(configFile, configDirectory, true);
			copyRecursively(configFile, configDirectory, true);
			context.notifyProgress(pnc.setProgress(100));
			}
			catch (final IOException e)

			@@ -2570,6 +2570,12 @@
			INFO_UPGRADE_TASK_CANNOT_READ_SCHEMA_FILE_10071=An error occurred reading schema file %s: %s
			INFO_UPGRADE_TASK_CANNOT_WRITE_TO_CONCATENATED_SCHEMA_FILE_10072=An error occurred \
			appending 'ds-cfg-delimiter-char' attribute type to concatenated schema file %s: %s
			INFO_UPGRADE_TASK_CONFIRM_DISABLING_HTTP_CONNECTION_HANDLER_10073=OpenDJ 3.5.0 introduced a new configuration model \
			for the HTTP connection handler and its associated endpoints. Any enabled HTTP connection handlers will be disabled \
			during the upgrade due to the break in compatibility
			INFO_UPGRADE_TASK_DISABLING_HTTP_CONNECTION_HANDLER_10074=Disabling the HTTP connection handler
			INFO_UPGRADE_TASK_ADDING_DEFAULT_HTTP_ENDPOINTS_AND_AUTH_10075=Adding default HTTP endpoints and auth mechanisms to \
			configuration

			# Strings for generated reference documentation.
			REF_SHORT_DESC_BACKUP_15000=back up OpenDJ directory data